5.3

CVSS4.0

CVE-2025-15439 - Daptin Aggregate API resource_aggregate.go goqu.L sql injection

A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely. โ€ฆ

๐Ÿ“… Published: Jan. 2, 2026, 5:02 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2025-69417 -

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.

๐Ÿ“… Published: Jan. 2, 2026, 4:55 p.m. ๐Ÿ”„ Last Modified: Feb. 27, 2026, 3:08 p.m.

5

CVSS3.1

CVE-2025-69416 -

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.

๐Ÿ“… Published: Jan. 2, 2026, 4:52 p.m. ๐Ÿ”„ Last Modified: Feb. 27, 2026, 3:08 p.m.

7.1

CVSS3.1

CVE-2025-69415 -

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.

๐Ÿ“… Published: Jan. 2, 2026, 4:49 p.m. ๐Ÿ”„ Last Modified: Feb. 27, 2026, 3:27 p.m.

8.5

CVSS3.1

CVE-2025-69414 -

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.

๐Ÿ“… Published: Jan. 2, 2026, 4:43 p.m. ๐Ÿ”„ Last Modified: Feb. 27, 2026, 3:27 p.m.

5.1

CVSS4.0

CVE-2026-0566 - code-projects Content Management System edit_posts.php unrestricted upload

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been โ€ฆ

๐Ÿ“… Published: Jan. 2, 2026, 4:32 p.m. ๐Ÿ”„ Last Modified: April 18, 2026, 8:45 a.m.

8.1

CVSS4.0

CVE-2025-59389 - Hyper Data Protector

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later

๐Ÿ“… Published: Jan. 2, 2026, 3:51 p.m. ๐Ÿ”„ Last Modified: Jan. 22, 2026, 6:20 p.m.

7

CVSS4.0

CVE-2025-62842 - HBS 3 Hybrid Backup Sync

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version: โ€ฆ

๐Ÿ“… Published: Jan. 2, 2026, 3:51 p.m. ๐Ÿ”„ Last Modified: Feb. 5, 2026, 7:03 p.m.

7

CVSS4.0

CVE-2025-62840 - HBS 3 Hybrid Backup Sync

A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following vโ€ฆ

๐Ÿ“… Published: Jan. 2, 2026, 3:51 p.m. ๐Ÿ”„ Last Modified: Feb. 5, 2026, 7:04 p.m.

8.1

CVSS4.0

CVE-2025-11837 - Malware Remover

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later

๐Ÿ“… Published: Jan. 2, 2026, 3:51 p.m. ๐Ÿ”„ Last Modified: Jan. 22, 2026, 6:28 p.m.
Total resulsts: 346283
Page 2013 of 34,629
ยซ previous page ยป next page
Filters